Officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then scour their data.

The blanket power is so broad they do not even have to show reasonable suspicion for seizing the device and can retain the information for “as long as is necessary”.

Data can include call history, contact books, photos and who the person is texting or emailing, although not the contents of messages.

UK police officers are also authorized to do this to UK citizens, although they are limited to seizing the phone and downloading information only after making an arrest. The border control officers have no such limitations. Scotland Yard, which is in charge of the UK's counterterrorism efforts, spells out travelers' rights this way:

Under the Terrorism Act 2000 a person may be detained and questioned for up to nine hours to determine if that individual is a person concerned in the commission, preparation or instigation of acts of terrorism as outlined in the Act.

Any person being detained can have their electronics (and contained data) seized. Their data is retained even if no charges are pressed.

Under the Act, police or border staff can question and even hold someone while they ascertain whether the individual poses a terrorism risk. But no prior authorization is needed for the person to be stopped and there does not have to be any suspicion. It means a police officer can stop any passenger at random, scour their phone and download and retain data, even of the individual is then immediately allowed to proceed.

David Anderson QC, the independent reviewer of the UK's anti-terrorism policies, says he expects to "raise concerns" during his annual review. That's nice of him, but he seems to be a little too comfortable publicly espousing the "company line."

Mr Anderson said: “Information downloaded from mobile phones seized at ports has been very useful in disrupting terrorists and bringing them to justice.

“But ordinary travellers need to know that their private information will not be taken without good reason, or retained by the police for any longer than is necessary.”

One can easily see where this is headed. Anderson will raise "concerns," which will be addressed by redefining terms like "good reason" and "necessary." That is, if the UK's border protection continues to align with the United States model. Anderson believes this unchecked power is a "useful tool" in the fight against terrorism, and as such, is unlikely to raise severe objections to its continued use.

Even the statements from Scotland Yard defending this tactic have an eerie familiarity.

As with any power to detain an individual it is used appropriately and proportionally and is always subject to scrutiny by an independent reviewer of UK anti-terror laws.

Yes, that's right. Here in the US we also have nothing to fear. Everything the NSA, FBI, DHS, CBP and other acronymed agencies do under the guise of "fighting terrorism" is completely above board, subject to rigorous oversight and 100% legal. It only seems like an intrusive violation of privacy and an abuse of basic civil liberties, something that governments should be protecting us from rather than subjecting us to.

And as for that "independent review," it seems as though Anderson is already at least halfway in agreement with Scotland Yard on the perceived necessity of these policies, something that doesn't bode well for international travelers.

In April Florida Governor Rick Scott approved a ban on slot machines and Internet cafes after a charity tied to Lt. Governor Jennifer Carroll was shut down on suspicion of being an Internet gambling front -- forcing Carroll, who had consulted with the charity, to resign.

But, here's the problem. The bill's definitions section is a complete mess. You can see the full text (pdf) which contains cross outs and additions, but what comes out in the end is the following:

As used in this chapter, the term "slot machine or device" means any machine or device or system or network of devices... that is adapted for use in such a way that, upon activation... such device or system is directly or indirectly caused to operate or may be operated and if the user, whether by application of skill or by reason of any element of chance or any other outcome unpredictable by the user him or her, may....

(a) Receive or become entitled to receive any piece of money, credit, allowance, or thing of value, or any check, slug, token, or memorandum, whether of value or otherwise, which may be exchanged for any money, credit, allowance, or thing of value or which may be given in trade; or

(b) Secure additional chances or rights to use such machine, apparatus, or device, even though the device or system may be available for free play or, in addition to any element of chance or unpredictable outcome of such operation, may also sell, deliver, or present some merchandise, indication of weight, entertainment, or other thing of value. The term “slot machine or device” includes, but is not limited to, devices regulated as slot machines pursuant to chapter 551.

Note that I took out chunks of that definition to try to make it more readable and it's still a mess. The short version is that a slot machine or device is any machine or device by which someone can play a game of chance. That's any device with a web browser connected to the internet. Any one.

Almost immediately, around 1,000 internet cafes shut down, and now one of them, called Incredible Investments, is suing, seeking declaratory relief on a number of issues related to the law, which shut down their cafe. They go through one by one the problems with the law (and they are many), including the definition of the slot machine:

The definition of “slot machine or device” now contained in Fla. Stat. § 849.16, as amended, fails to adequately describe the prohibited machine or device such that a person of common understanding cannot know what is forbidden.

[....] As amended, Section 849.16, Florida Statutes includes a presumption that any device, system, or network like the Plaintiff’s computers that displays images of games of chance is an illegal slot machine.

The newly-enacted section 849.16(3), Florida Statutes, creates an evidentiary presumption that relieves the State of Florida of its burden of persuasion beyond a reasonable doubt of every essential element of a crime

There's a lot more in the actual lawsuit (embedded below). Can we just have lawmakers recognize, once and for all, that they're really bad at legislating technology?

This is the birth of modern personal computing on so many levels. Engelbart, and his staff at SRI, more or less invented the very concept of a personal computer, including the mouse, the graphical user interface, hyperlinks, and so much more that is now standard today. So many of those concepts are now ubiquitous, in part, because of Engelbart's brilliance, and his openness in sharing what he was working on and inspiring so many of those who came into contact with him over the years. Engelbart shared these concepts with the world, and the world took them and built so many useful things with them. The computing world we live in today would likely be very, very different if there had never been a Doug Engelbart.

The police should be allowed to hack into mobile phones and computers, even when these are located abroad. This is proposed by the Dutch government on May 2nd of 2013. While this appears to be a powerful asset for law enforcement, in reality it creates unnecessary vulnerabilities for citizens.

The bill would also make it a crime for a suspect to refuse to decipher encrypted files during a police investigation.

It is expected the draft legislation will be put to parliament by the end of the year.

The bill singles out child pornography and terrorism as two areas of special concern. The publication of stolen data would also become punishable.

It's easy to see how the last of those could be abused to silence inconvenient whistleblowers. Bits of Freedom sums up well the key danger with the bill:

other countries, such as China, will use the powers as a justification for their own activities. They will follow the Dutch example by allowing their police to use the same methods, including hacking abroad, in order to delete controversial data. Civilians will become the victims in an arms race between hacking governments.

Indeed, it's worth considering for a moment what the Chinese response will be when it finds Dutch police, with the full approval of the Dutch government, deleting files or installing spyware on computers on its territory. It won't matter if the latter were involved in breaking into Dutch systems, or controlling a global botnet: national pride will be at stake over what will effectively be an attack on Chinese citizens and property. So as not to lose "face", a robust response is guaranteed. Is the Netherlands (population 6,065,459 16,788,973) really ready to take on China (population 1,353,821,000) over this?

from the fruit-ninjas-are-everywhere dept

Okay, I really thought this week was going to be the one where our awesome stuff posts didn't have a theme. But... because of some last minute finds, you not only get two separate themes, but also four projects, rather than our standard three. First up, we've got two different takes on a computer, and then we've got two projects that help you rethink how you input data into a computer.

First up, is the MiiPC. It's an Android-powered PC that's designed for family use. From the screenshots/video they show, they at least appear to have done a decent job making Android functional as a desktop OS. Some of the "family" features seem a little hokey and overhyped, but perhaps it appeals to some people.

Of course, what struck me as most interesting about this was actually the price. $99 for a simple computer seems like a potentially good deal for people looking to just do simple stuff. This project blew past its funding targets quickly and has already more than doubled it with over a month to go.

So that's a more modern take on a PC, but how about one that's a bit more retro? The the X500 is a modern computer case, but which takes its design cues from classic early 1980s gaming consoles like the Amiga, Atari and Sinclair. My first computer was an Atari 800, so I've got a soft spot for this style of design, even if it's probably not that practical these days.

It's just a case, so you'll have to want to do some DIY computer building to get an actual computer in there. Also, if this one interests you, don't wait too long. The project ends tomorrow. It's already just barely squeaked over its target, so it will definitely be funded.

Since we're talking about DIY, howzabout the DUO, the world's first DIY 3D sensor. If you've been living under a rock for a while, you may have missed all the buzzy and hype about the Leap Motion controller for gesture recognition on your computer. The DUO, conceptually, is pretty similar to the Leap, except that this not about fancy shiny locked up boxes, but about making your own damn fancy gesture controller. Basically, the different levels get you started at different points along the process of making your own such device (though, yes, you can also purchase fully assembled ones, but they're much more expensive than the Leap).

The DUO is still only about 1/3 of the way to its target, but with nearly a month left, it seems like it will probably get there. Might not be as fancy as the Leap, but how much cooler is it to show off that you made our own?

And since we're on the subject of gesture recognition for computers, how about the the NUIA eyeCharm, which is an add on to the Kinect (which we'll assume you already know about...), to make it so you can control your computer via eye movements. There were rumors that Samsung was working on something like this to be built into phones and tablets, but these guys are doing it as a simple add on to the Kinect.

This one has just a week to go and is hovering right near its target, and should easily pass it soon (if it hasn't already by the time you read it).

Well, that's it for this week. Bonus points figuring out how many times Fruit Ninja appears in the Kickstarter videos above. I had no idea that that game had become such a "must show" in any such demo.

from the well-that's-a-surprise dept

Here's a surprise ruling. For many years we've written about how troubling it is that Homeland Security agents are able to search the contents of electronic devices, such as computers and phones at the border, without any reason. The 4th Amendment only allows reasonable searches, usually with a warrant. But the general argument has long been that, when you're at the border, you're not in the country and the 4th Amendment doesn't apply. This rule has been stretched at times, including the ability to take your computer and devices into the country and search it there, while still considering it a "border search," for which the lower standards apply. Just about a month ago, we noted that Homeland Security saw no reason to change this policy.

Well, now they might have to.

In a somewhat surprising 9th Circuit ruling (en banc, or in front of the entire set of judges), the court ruled that the 4th Amendment does apply at the border, that agents do need to recognize there's an expectation of privacy, and cannot do a search without reason. Furthermore, they noted that merely encrypting a file with a password is not enough to trigger suspicion. This is a huge ruling in favor of privacy rights.

The ruling is pretty careful to strike the right balance on the issues. It notes that a cursory review at the border is reasonable:

Officer Alvarado turned on the devices and opened
and viewed image files while the Cottermans waited to enter
the country. It was, in principle, akin to the search in Seljan,
where we concluded that a suspicionless cursory scan of a
package in international transit was not unreasonable.

But going deeper raises more questions. Looking stuff over, no problem. Performing a forensic analysis? That goes too far and triggers the 4th Amendment. They note that the location of the search is meaningless to this analysis (the actual search happened 170 miles inside the country after the laptop was sent by border agents to somewhere else for analysis). So it's still a border search, but that border search requires a 4th Amendment analysis, according to the court.

It is the comprehensive and intrusive nature of a forensic
examination—not the location of the examination—that is the
key factor triggering the requirement of reasonable suspicion
here....

Notwithstanding a traveler’s diminished expectation of
privacy at the border, the search is still measured against the
Fourth Amendment’s reasonableness requirement, which
considers the nature and scope of the search. Significantly,
the Supreme Court has recognized that the “dignity and
privacy interests of the person being searched” at the border
will on occasion demand “some level of suspicion in the case
of highly intrusive searches of the person.” Flores-Montano,
541 U.S. at 152. Likewise, the Court has explained that
“some searches of property are so destructive,” “particularly
offensive,” or overly intrusive in the manner in which they
are carried out as to require particularized suspicion. Id. at
152, 154 n.2, 155–56; Montoya de Hernandez, 473 U.S. at
541. The Court has never defined the precise dimensions of
a reasonable border search, instead pointing to the necessity
of a case-by-case analysis....

You mostly store everything on your laptop. So, unlike a suitcase that you're bringing with you, it's the opposite. You might specifically choose what to exclude, but you don't really choose what to include.

The reason you bring the contents on your laptop over the border is because you're bringing your laptop over the border. If you wanted the content of your laptop to go over the border you'd just send it using the internet. There are no "border guards" on the internet itself, so content flows mostly freely across international boundaries. Thus if anyone wants to get certain content into a country via the internet, they're not doing it by entering that country through border control.

We'd never seen a court even seem to acknowledge that content on devices is different than contents in a suitcase... until now. One interesting tidbit, is that they specifically note that "secure in their papers" part of the 4th Amendment, while noting that what's on your device is often like your personal "papers."

The amount of private information carried by
international travelers was traditionally circumscribed by the
size of the traveler’s luggage or automobile. That is no
longer the case. Electronic devices are capable of storing
warehouses full of information. The average 400-gigabyte
laptop hard drive can store over 200 million pages—the
equivalent of five floors of a typical academic library....
Even a car full of packed suitcases with sensitive documents
cannot hold a candle to the sheer, and ever-increasing,
capacity of digital storage.

The nature of the contents of electronic devices differs
from that of luggage as well. Laptop computers, iPads and
the like are simultaneously offices and personal diaries. They
contain the most intimate details of our lives: financial
records, confidential business documents, medical records
and private emails. This type of material implicates the
Fourth Amendment’s specific guarantee of the people’s right
to be secure in their “papers.”.... The
express listing of papers “reflects the Founders’ deep concern
with safeguarding the privacy of thoughts and ideas—what
we might call freedom of conscience—from invasion by the
government.”... These records are expected to be kept
private and this expectation is “one that society is prepared to
recognize as ‘reasonable.’”

Electronic devices often retain sensitive and confidential
information far beyond the perceived point of erasure,
notably in the form of browsing histories and records of
deleted files. This quality makes it impractical, if not
impossible, for individuals to make meaningful decisions
regarding what digital content to expose to the scrutiny that
accompanies international travel. A person’s digital life
ought not be hijacked simply by crossing a border. When
packing traditional luggage, one is accustomed to deciding
what papers to take and what to leave behind. When carrying
a laptop, tablet or other device, however, removing files
unnecessary to an impending trip is an impractical solution
given the volume and often intermingled nature of the files.
It is also a time-consuming task that may not even effectively
erase the files.

Huh. That last paragraph sounds a lot like my argument above. Very cool to see a court actually recognize this basic point. Considering it had been ignored for so long, I'd almost given up hope.

In this case, they also noted that part of the forensic analysis of the computer involved restoring deleted files, and note:

It is as if a search of a person’s suitcase could reveal not only
what the bag contained on the current trip, but everything it
had ever carried.

The court is equally worried about the fact that the device is often just a portal to cloud based services, and how a search of a device might lead to access to that data, even if it's been snug and secure "in the cloud" the whole time, rather than crossing the border:

With the ubiquity of cloud computing, the government’s
reach into private data becomes even more problematic.12 In
the “cloud,” a user’s data, including the same kind of highly
sensitive data one would have in “papers” at home, is held on
remote servers rather than on the device itself. The digital
device is a conduit to retrieving information from the cloud,
akin to the key to a safe deposit box. Notably, although the
virtual “safe deposit box” does not itself cross the border, it
may appear as a seamless part of the digital device when
presented at the border. With access to the cloud through
forensic examination, a traveler’s cache is just a click away
from the government.

Of course, this doesn't mean that no searches can ever take place. Instead, they just need to be "reasonable" and live up to the standards of the 4th Amendment. In fact, in this very case they still say that there was "reasonable suspicion to conduct the initial search, and that appears like it may be a legitimate claim (the guy had a previous conviction for child molestation, which the agents believed -- incorrectly, but they believed it at the time -- was for child porn). But for everyone else, where there is no reasonable suspicion, our 4th Amendment protections just got stronger (at least if you're entering the country in an area covered by the 9th Circuit (covering California, Alaska, Arizona, Hawaii, Oregon, Nevada, Washington, Idaho and Montana).

There's one other important part of the ruling as well. In discussing the "reasonable suspicion" the court agrees it was there because of the prior conviction, as well as the fact that guy was travelling from Mexico which is "a country associated with sex tourism." However, the government also argued that password protected files gave them reasonable suspicion, and thankfully the court slaps them down:

To these factors, the government adds another—the
existence of password-protected files on Cotterman’s
computer. We are reluctant to place much weight on this
factor because it is commonplace for business travelers,
casual computer users, students and others to password
protect their files. Law enforcement “cannot rely solely on
factors that would apply to many law-abiding citizens,”
... and password protection is
ubiquitous. National standards require that users of mobile
electronic devices password protect their files.... Computer users are routinely advised—and in
some cases, required by employers—to protect their files
when traveling overseas....

There are some dissenting opinions, basically suggesting that this upturns more settled law, but the majority ruling makes a strong case for why the Supreme Court has actually not really directly answered this question before, but has tiptoed carefully around it. Still, it seems likely that there will be an appeal to the Supreme Court, so this probably isn't over yet. Hopefully, the Supreme Court will uphold this important ruling, and recognize that we don't give up our 4th Amendment rights at the border.

from the scary-scary-internet dept

It is a standing modern truth that you can take a scary word in the English language and turbocharge its terror factor by putting the word "cyber" in front of it. Don't believe me? Murder. Some guy stabs or shoots me. Cyber-murder. Holy crap! A dude can reach through the computer and electrocute my face! The problem, as we've discussed previously, is that many of the supposed facts used to hype cybercrime are massively overstated, and the unfortunately resulting hysteria breeds atrocities like The Patriot Act, because computers are terrifying and apparently the government is not. Of course, it doesn't end with crime. Cyberwar, cyber-terrorism, these words now permeate the bloodstream like terrifying nanobots, all while the use of technology and the internet marches forward at incredible rates.

According to Vance, cybercrime isn't just a growing trend—it's a fundamental shift in the way modern crime works. It has already reached a point where nearly every crime in the city involves a cyber component.

"It is rare that a case does not involve some kind of cyber or computer element that we prosecute in our office—whether it is homicide, whether it's a financial crime case, whether it's a gang case where the gang members are posting on Facebook where they're going to meet," said Vance.

It seems to me that just because there is a small element in a murder that involves a computer, that doesn't make it cybercrime, but that's apparently how it's being reported at the DA's office. This, of course, allows federal agencies like DHS and the CIA to get involved, where they, otherwise, would not.

The city is getting help from the Secret Service, Department of Homeland Security, local businesses, and others. This system of cooperation was actually set up in 2001 when President George W. Bush signed the PATRIOT Act into law. It established the Electronic Crimes Task Forces (ECTFs) under the Secret Service. According to the Secret Service website, "The concept of the ECTF network is to bring together not only federal, state and local law enforcement, but also prosecutors, private industry and academia."

I wouldn't want to necessarily suggest that having the alphabet agencies get involved at some level is always going to be a bad thing, but perhaps it is time we all had a conversation about how we, as citizens, want to be policed in America. That question is going to dovetail into whether or not we want scare-words like "cyber" to result in law enforcement evolving away from the local level to the federal level. For a country that bangs the "get government out of our lives" drum so frequently, often from the party that spawned The PATRIOT Act no less, we seem quite willing to let irrational fear dominate us.

from the one-way-out dept

Wired is running a series of opinion pieces concerning ways to "fix" problems with the patent system today (we've made our own suggestions in the past if anyone's interested). It started with a suggestion from Mark Lemley that was similar to his other recent statements about fixing the problems of software patents by actually applying existing law to stop functional claiming (i.e., claiming around general concepts rather than specific implementations).

The second post in the series comes from Richard Stallman, who notes that it seems quite unlikely that the US will carve out software patents, noting (correctly) that this might not solve the problem anyway, since patent lawyers would just change how they write patent applications to get around any such carve-out. Instead, he suggests a different solution: limiting how widely software patents can impact new technology:

My suggestion is to change the effect of patents. We should legislate that developing, distributing, or running a program on generally used computing hardware does not constitute patent infringement. This approach has several advantages:

It doesn’t require classifying patents or patent applications as “software” or “not software.”

It provides developers and users with protection from both existing and potential future computational idea patents.

It's an interesting suggestion, but I'm not so sure it would go over that well. People would certainly question why general purpose computing gets a pass. Also, the "generally used computing hardware" standard could be kind of hard to define as well. It still seems like there are more elegant solutions that focus on the real root of the problem, rather than trying to "carve out" certain impacts that we don't like.

On 15 October, the Dutch ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands.

If the Dutch government gets the power to break into foreign computers, this gives other governments the basis to break into Dutch computers which infringe the laws of their country. The end result could be less security for all computer users, instead of more. This is even more true with regard to the power to destroy data on foreign computers; it is likely that other governments would be very interested in using such a power against Dutch interests.

Even totally law-abiding users might be caught up in this digital war:

Furthermore, providing the government the power to break into computers provides a perverse incentive to keep information security weak. Millions of computers could remain badly secured because the government does not have an incentive to publish vulnerabilities quickly because it needs to exploit these vulnerabilities for enforcement purposes.

It's not really down to governments to publish details of flaws, but it's possible they might be less inclined to encourage the public to patch them, if they want to use the vulnerabilities themselves. This would doubtless lead to criminals taking advantage of widespread holes in security, with personal data being stolen, and financial systems compromised.

All-in-all, the Dutch proposal has to be one of the most foolish ever presented by a government in this area, and shows the folly of trying to come up with quick fixes for the currently-fashionable issue of "cybercrime", instead of really thinking through the consequences. Let's hope calmer heads prevail, and the proposal is withdrawn.

from the new-state-sponsored-tablet-or-cross-dresser's-quarters dept

The world of tablet computing is highly competitive and everyone's looking to get in on the action. The latest entrant has something going for it that its closest competitors can't touch: the weight of one the most powerful governments in the world.

Russia, yes that Russia, is looking to produce its own tablet, unfortunately titled the "RuPad." It should do well, considering it should be able to corner every market (but the black one) and become the "must have" tablet for both Russian government employees and the general public alike. There's nothing like the implicit threat of general statist unpleasantness to move a few thousand units.

Unlike Android tablets elsewhere in the world, the RuPad will provide users with unprecedented privacy, protecting their info from rogue capitalists like Google:

"The operating system has all the functional capabilities of the Android OS, but does not contain the covert functions of sending private user data to Google headquarters," Andrey Starikovsky, the general director of the university-based company behind the tablet, told Deputy Prime Minister Dmitry Rogozin.

On the bright side, Russians won't have to waste much time comparison shopping or camping out overnight for the latest iThing. I'm sure the RuPad will come highly recommended by salespeople wishing to keep their jobs and family members intact.

Developers at the ministry's Central Scientific Research Institute said their main client is—and will probably always be—the state and its top brass. "The military version will be shock- and water-proof," Russian media quoted production unit director Andrei Starikovsky as telling Rogozin at the presentation.

Like the GLONASS satelitte system before it, the RuPad appears to be another state project that results in something usable by the general public. But for it to be Mother Russia-approved, the Android system has to be purged of its innate data harvesting properties. This homegrown Android version may have a chance for some stress testing as soon as it goes live, as Project Manager Dmitry Maikhailov has boldy invited hackers to punch holes in the system.

"They are not afraid of Google or the US government stealing things per se. They are afraid of leaks in general," the operating system's project manager Dmitry Mikhailov told AFP. "There is nothing like this operating system on the market. It is hack-proof," Mikhailov claimed. "There are people who are clamouring for this."

Despite insistence that this is a "military-first" project, pre-orders have already begun piling up, at least according to the manufacturer. And maybe there is a crowd of wealthier Russians looking to get their hands on some retail-ready military hardware. It worked for the Humvee. Why not a "shockproof, waterproof, hackerproof" tablet that runs a proprietary version of Android? (Currently sporting the name "RoMOS," which looks to be another possible name for the tablet itself.)

One would imagine the government/military version would come with all needed software pre-loaded, but the average consumer might need to do a bit of rooting in order to install anything that isn't Russia-approved. Google has been kicked to the curb app-wise, as well:

"Some of the components will be imported, and the assembly will be carried out by a Russian-based leading defense institute. We excluded Google Market from it for safety reasons,” said Starikovsky.

There's no firm release date ("before the end of 2012") on the RuPad/RoMOS/ANTiGoogle, but considering the operating system has been in development for "over five years," it would seem like "any day now" would be a good bet. Of course, it's headed to the military and top government officials first, so it could be several more months before the specs make it out into the wild. Until the illustrious debut of the People's Tablet, feast your eyes on the Glorious Past of Russian Komputing!